[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion

2017-01-31 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion HonzaCholasta commented: """ Excuse me, but what is the point of checking for an exact domain level? Shouldn't `check_domain_level()` rather always check for a

[Freeipa-devel] [freeipa PR#337][+ack] Client-side CSR autogeneration (take 2)

2017-01-31 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#337][comment] Client-side CSR autogeneration (take 2)

2017-01-31 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/10ef5947860f5098182b1f95c08c1158e2da15f9 https://fedorahosted.org/fr

[Freeipa-devel] [freeipa PR#337][closed] Client-side CSR autogeneration (take 2)

2017-01-31 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Author: LiptonB Title: #337: Client-side CSR autogeneration (take 2) Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/337/head:pr337 git checkout pr337 -- Manage

[Freeipa-devel] [freeipa PR#337][+pushed] Client-side CSR autogeneration (take 2)

2017-01-31 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#337][comment] Client-side CSR autogeneration (take 2)

2017-01-31 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) HonzaCholasta commented: """ @LiptonB, "CSR generation profile" works for me. Once the new design is implemented though, "CSR template" will be

[Freeipa-devel] [freeipa PR#416][comment] replica install: relax domain level check for promotion

2017-01-31 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/416 Title: #416: replica install: relax domain level check for promotion HonzaCholasta commented: """ I see. The point is, `check_domain_level()` is supposed to check whether replica promotion is possible or not in the current domain

[Freeipa-devel] [freeipa PR#336][comment] [py3] pki: add missing depedency pki-base[-python3]

2017-02-01 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/336 Title: #336: [py3] pki: add missing depedency pki-base[-python3] HonzaCholasta commented: """ LGTM """ See the full comment at https://github.com/freeipa/freeipa/pull/336#issuecomment-276612233 -- Manage your subs

[Freeipa-devel] [freeipa PR#436][comment] x509: allow leading text in PEM files

2017-02-06 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/436 Title: #436: x509: allow leading text in PEM files HonzaCholasta commented: """ Oops, didn't realize that `^` matches beginning of each line in multiline mode. I think we can keep the test, though. """

[Freeipa-devel] [freeipa PR#436][synchronized] x509: allow leading text in PEM files

2017-02-06 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/436 Author: HonzaCholasta Title: #436: x509: allow leading text in PEM files Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/436/head:pr436 git checkout pr436

[Freeipa-devel] [freeipa PR#436][comment] x509: allow leading text in PEM files

2017-02-06 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/436 Title: #436: x509: allow leading text in PEM files HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/89dfbab3ca076812590f371c21abcb51b350170b """ See the full comment

[Freeipa-devel] [freeipa PR#436][+pushed] x509: allow leading text in PEM files

2017-02-06 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/436 Title: #436: x509: allow leading text in PEM files Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#436][opened] x509: allow leading text in PEM files

2017-02-06 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/436 Author: HonzaCholasta Title: #436: x509: allow leading text in PEM files Action: opened PR body: """ This fixes a regression introduced in commit b8d6524d43dd0667184aebc79fb77a9b8a46939a. https://fedorahosted.org/free

[Freeipa-devel] [freeipa PR#436][closed] x509: allow leading text in PEM files

2017-02-06 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/436 Author: HonzaCholasta Title: #436: x509: allow leading text in PEM files Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/436/head:pr436 git checkout pr436

[Freeipa-devel] [freeipa PR#438][opened] ipaldap: preserve order of values in LDAPEntry._sync()

2017-02-07 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/438 Author: HonzaCholasta Title: #438: ipaldap: preserve order of values in LDAPEntry._sync() Action: opened PR body: """ In Python 2, the order was preserved by accident. This change makes sure the order is preserved in both

[Freeipa-devel] [freeipa PR#336][+ack] [py3] pki: add missing depedency pki-base[-python3]

2017-02-07 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/336 Title: #336: [py3] pki: add missing depedency pki-base[-python3] Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2

2017-02-07 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 HonzaCholasta commented: """ @stlaz, you don't have to replace `root_logger` in old code, but don't use it in new code. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#438][synchronized] ipaldap: preserve order of values in LDAPEntry._sync()

2017-02-07 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/438 Author: HonzaCholasta Title: #438: ipaldap: preserve order of values in LDAPEntry._sync() Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/438/head:pr438 git

[Freeipa-devel] [freeipa PR#427][closed] [Py3] WSGI part 2

2017-02-07 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/427 Author: MartinBasti Title: #427: [Py3] WSGI part 2 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/427/head:pr427 git checkout pr427 -- Manage your subscription

[Freeipa-devel] [freeipa PR#427][+pushed] [Py3] WSGI part 2

2017-02-07 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/427 Title: #427: [Py3] WSGI part 2 Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#427][comment] [Py3] WSGI part 2

2017-02-07 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/427 Title: #427: [Py3] WSGI part 2 HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/caa560ca79e4038b161b27d11e3f144606dbbcdb https://fedorahosted.org/fr

[Freeipa-devel] [freeipa PR#370][comment] ci: send build log to paste.fedoraproject.org

2017-02-08 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/370 Title: #370: ci: send build log to paste.fedoraproject.org HonzaCholasta commented: """ Right, I suggested https://transfer.sh, because uploading a file there is as easy as: ```bash curl --upload-file ./file https://transfer.sh

[Freeipa-devel] [freeipa PR#427][+ack] [Py3] WSGI part 2

2017-02-07 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/427 Title: #427: [Py3] WSGI part 2 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#370][comment] ci: send build log to paste.fedoraproject.org

2017-02-08 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/370 Title: #370: ci: send build log to paste.fedoraproject.org HonzaCholasta commented: """ @martbab, I would rather not include irrelevant stuff, it's just noise. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#408][opened] ipaldap: properly escape raw binary values in LDAP filters

2017-01-23 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/408 Author: HonzaCholasta Title: #408: ipaldap: properly escape raw binary values in LDAP filters Action: opened PR body: """ Manually escape each byte in the value, do not use ldap.filter.escape_filter_chars() as it does not

[Freeipa-devel] [freeipa PR#408][synchronized] ipaldap: properly escape raw binary values in LDAP filters

2017-01-23 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/408 Author: HonzaCholasta Title: #408: ipaldap: properly escape raw binary values in LDAP filters Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/408/head:pr408

[Freeipa-devel] [freeipa PR#408][synchronized] ipaldap: properly escape raw binary values in LDAP filters

2017-01-23 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/408 Author: HonzaCholasta Title: #408: ipaldap: properly escape raw binary values in LDAP filters Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/408/head:pr408

[Freeipa-devel] [freeipa PR#337][comment] Client-side CSR autogeneration (take 2)

2017-01-23 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) HonzaCholasta commented: """ @LiptonB, there's still one issue which I'd like to be resolved in this PR, and that's that currently CSR templates are tied to certificat

[Freeipa-devel] [freeipa PR#337][comment] Client-side CSR autogeneration (take 2)

2017-01-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) HonzaCholasta commented: """ @LiptonB, I think certificate profiles and CSR generation profiles / templates *should* be associated, but not by sharing the same logical `certp

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code HonzaCholasta commented: """ @simo5, replica install still fails for me in the same way as before. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#359][comment] dogtag: search past the first 100 certificates

2017-01-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/359 Title: #359: dogtag: search past the first 100 certificates HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/d84edc43e55c2f7c30614a4a5268aeb58e33a087 https://fedorahosted.org/fr

[Freeipa-devel] [freeipa PR#359][closed] dogtag: search past the first 100 certificates

2017-01-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/359 Author: HonzaCholasta Title: #359: dogtag: search past the first 100 certificates Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/359/head:pr359 git checkout

[Freeipa-devel] [freeipa PR#359][+pushed] dogtag: search past the first 100 certificates

2017-01-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/359 Title: #359: dogtag: search past the first 100 certificates Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-25 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code HonzaCholasta commented: """ @simo5, it turns out the request fails not on the replica, but on the initial master, so it's actually `ipa-server-install` which is

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code HonzaCholasta commented: """ Both replica install and CA-less install now work, but: * `ipa-replica-install` creates `/var/lib/ipa/radb` owned by `root` rather than `i

[Freeipa-devel] [freeipa PR#419][opened] ipa-ca-install: do not fail without --subject-base and --ca-subject

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/419 Author: HonzaCholasta Title: #419: ipa-ca-install: do not fail without --subject-base and --ca-subject Action: opened PR body: """ When --subject-base and --ca-subject are not specified in ipa-ca-install, default values are u

[Freeipa-devel] [freeipa PR#337][comment] Client-side CSR autogeneration (take 2)

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) HonzaCholasta commented: """ Before I push this, could you please: * squash "Fix broken tests in CSR autogeneration" into "Add tests for CSR autogeneration&q

[Freeipa-devel] [freeipa PR#337][+ack] Client-side CSR autogeneration (take 2)

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#418][opened] replica install: do not log host OTP

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/418 Author: HonzaCholasta Title: #418: replica install: do not log host OTP Action: opened PR body: """ Do not log the value of the --password option of ipa-client-install when it is run from ipa-replica-install before replica pr

[Freeipa-devel] [freeipa PR#337][-ack] Client-side CSR autogeneration (take 2)

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) Label: -ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#337][comment] Client-side CSR autogeneration (take 2)

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2) HonzaCholasta commented: """ @LiptonB, I meant it the other way around - `certprofile` should have an (optional) attribute which points to the associated CSR template. &q

[Freeipa-devel] [freeipa PR#395][comment] Configure PKI ajp redirection to use "localhost" instead of "::1"

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/395 Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" HonzaCholasta commented: """ @pvoborni, there is no benefit in bumping `Requires` in a separate patch, as this patch is blocke

[Freeipa-devel] [freeipa PR#419][closed] ipa-ca-install: do not fail without --subject-base and --ca-subject

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/419 Author: HonzaCholasta Title: #419: ipa-ca-install: do not fail without --subject-base and --ca-subject Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/419

[Freeipa-devel] [freeipa PR#419][comment] ipa-ca-install: do not fail without --subject-base and --ca-subject

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/419 Title: #419: ipa-ca-install: do not fail without --subject-base and --ca-subject HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/87400cdec1054971f50f90a0c63f18ab045f3833 "&quo

[Freeipa-devel] [freeipa PR#419][+pushed] ipa-ca-install: do not fail without --subject-base and --ca-subject

2017-01-30 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/419 Title: #419: ipa-ca-install: do not fail without --subject-base and --ca-subject Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#476][synchronized] vault: cache the transport certificate on client

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/476 Author: HonzaCholasta Title: #476: vault: cache the transport certificate on client Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/476/head:pr476 git

[Freeipa-devel] [freeipa PR#490][opened] [WIP] certdb: use certutil and match_hostname for cert verification

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/490 Author: HonzaCholasta Title: #490: [WIP] certdb: use certutil and match_hostname for cert verification Action: opened PR body: """ Use certutil and ssl.match_hostname calls instead of python-nss for certificate verificatio

[Freeipa-devel] [freeipa PR#476][synchronized] vault: cache the transport certificate on client

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/476 Author: HonzaCholasta Title: #476: vault: cache the transport certificate on client Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/476/head:pr476 git

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing HonzaCholasta commented: """ I can't say I agree with this approach. If this is just for testing, surely you can work around the missing `pyhbac` i

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/437 Title: #437: FIPS: replica install check HonzaCholasta commented: """ LGTM. """ See the full comment at https://github.com/freeipa/freeipa/pull/437#issuecomment-281333137 -- Manage your subscription for the Fre

[Freeipa-devel] [freeipa PR#490][comment] [WIP] certdb: use certutil and match_hostname for cert verification

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/490 Title: #490: [WIP] certdb: use certutil and match_hostname for cert verification HonzaCholasta commented: """ @tiran, how do I ensure that? """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#490][synchronized] [WIP] certdb: use certutil and match_hostname for cert verification

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/490 Author: HonzaCholasta Title: #490: [WIP] certdb: use certutil and match_hostname for cert verification Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/490

[Freeipa-devel] [freeipa PR#492][comment] [WIP] config: remove meaningless defaults

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/492 Title: #492: [WIP] config: remove meaningless defaults HonzaCholasta commented: """ @tiran, not really, the order does not matter here. """ See the full comment at https://github.com/freeipa/freeipa/pull/492#iss

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping HonzaCholasta commented: """ LGTM. @flo-renaud, don't forget to register the new OIDs. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#113][+rejected] ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/113 Title: #113: ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri Label: +rejected -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to

[Freeipa-devel] [freeipa PR#492][opened] [WIP] config: remove meaningless defaults

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/492 Author: HonzaCholasta Title: #492: [WIP] config: remove meaningless defaults Action: opened PR body: """ **ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri** Domain, realm, basedn, xmlrpc_uri, ldap_

[Freeipa-devel] [freeipa PR#113][closed] ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/113 Author: pspacek Title: #113: ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#113][comment] ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/113 Title: #113: ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri HonzaCholasta commented: """ Superseded by #492. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#301][closed] scripts, tests: explicitly set confdir in the rest of server code

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/301 Author: HonzaCholasta Title: #301: scripts, tests: explicitly set confdir in the rest of server code Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/301

[Freeipa-devel] [freeipa PR#301][comment] scripts, tests: explicitly set confdir in the rest of server code

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/301 Title: #301: scripts, tests: explicitly set confdir in the rest of server code HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/fe6f2b6f6effcf9f3c58e1e3f6d0874609c10c25 "&quo

[Freeipa-devel] [freeipa PR#301][+pushed] scripts, tests: explicitly set confdir in the rest of server code

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/301 Title: #301: scripts, tests: explicitly set confdir in the rest of server code Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#492][comment] [WIP] config: remove meaningless defaults

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/492 Title: #492: [WIP] config: remove meaningless defaults HonzaCholasta commented: """ Sure. """ See the full comment at https://github.com/freeipa/freeipa/pull/492#issuecomment-281597461 -- Manage your subscription

[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/364 Title: #364: Client-only builds with --disable-server HonzaCholasta commented: """ @tiran, not just for @lslebodn, `--without-ipatests` will be very useful to me for RHEL and Arch Linux packaging as well . """

[Freeipa-devel] [freeipa PR#397][comment] Improve wheel building and provide ipaserver wheel for local testing

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/397 Title: #397: Improve wheel building and provide ipaserver wheel for local testing HonzaCholasta commented: """ The trust plugin and other trust bits are optional. The cert plugin, which depends on `pyhbac`, is *not* optional, so

[Freeipa-devel] [freeipa PR#476][synchronized] vault: cache the transport certificate on client

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/476 Author: HonzaCholasta Title: #476: vault: cache the transport certificate on client Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/476/head:pr476 git

[Freeipa-devel] [freeipa PR#367][comment] Remove nsslib from IPA

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/367 Title: #367: Remove nsslib from IPA HonzaCholasta commented: """ Besides what I wrote in inline comments, we need to get rid of `/var/lib/ipa/radb` now that it's unused. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#490][synchronized] [WIP] certdb: use certutil and match_hostname for cert verification

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/490 Author: HonzaCholasta Title: #490: [WIP] certdb: use certutil and match_hostname for cert verification Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/490

[Freeipa-devel] [freeipa PR#471][comment] Fix some privilege separation regressions

2017-02-20 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/471 Title: #471: Fix some privilege separation regressions HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/b4fa354f500bcf3ac23ee3805f2c166c6a635b92 https://fedorahosted.org/fr

[Freeipa-devel] [freeipa PR#471][+pushed] Fix some privilege separation regressions

2017-02-20 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/471 Title: #471: Fix some privilege separation regressions Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#471][closed] Fix some privilege separation regressions

2017-02-20 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/471 Author: HonzaCholasta Title: #471: Fix some privilege separation regressions Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/471/head:pr471 git checkout pr471

[Freeipa-devel] [freeipa PR#471][synchronized] Fix some privilege separation regressions

2017-02-20 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/471 Author: HonzaCholasta Title: #471: Fix some privilege separation regressions Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/471/head:pr471 git checkout

[Freeipa-devel] [freeipa PR#506][comment] added ssl verification

2017-02-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: added ssl verification HonzaCholasta commented: """ We don't want to trust certificates issued by random internet CAs, this is how it should have been from the beginning. A commit message would be nice though. @tsch

[Freeipa-devel] [freeipa PR#505][opened] dns: fix `dnsrecord_add` interactive mode

2017-02-24 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/505 Author: HonzaCholasta Title: #505: dns: fix `dnsrecord_add` interactive mode Action: opened PR body: """ `dnsrecord_add` interactive mode might prompt for value of non-existent arguments `a_part_create_reverse` and `_part

[Freeipa-devel] [freeipa PR#476][synchronized] vault: cache the transport certificate on client

2017-02-23 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/476 Author: HonzaCholasta Title: #476: vault: cache the transport certificate on client Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/476/head:pr476 git

[Freeipa-devel] [freeipa PR#498][opened] compat: fix `Any` params in `batch` and `dnsrecord`

2017-02-23 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/498 Author: HonzaCholasta Title: #498: compat: fix `Any` params in `batch` and `dnsrecord` Action: opened PR body: """ The `methods` argument of `batch` and `dnsrecords` attribute of `dnsrecord` were incorrectly defined as `Str`

[Freeipa-devel] [freeipa PR#492][synchronized] [WIP] config: remove meaningless defaults

2017-02-23 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/492 Author: HonzaCholasta Title: #492: [WIP] config: remove meaningless defaults Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/492/head:pr492 git checkout

[Freeipa-devel] [freeipa PR#472][comment] Packaging: Add placeholder packages

2017-02-20 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/472 Title: #472: Packaging: Add placeholder packages HonzaCholasta commented: """ Is this really the right thing to do? IMO it does not make much sense to have placeholders for every `ipa*` package, as it does not scale a

[Freeipa-devel] [freeipa PR#471][synchronized] Fix some privilege separation regressions

2017-02-20 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/471 Author: HonzaCholasta Title: #471: Fix some privilege separation regressions Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/471/head:pr471 git checkout

[Freeipa-devel] [freeipa PR#471][comment] Fix some privilege separation regressions

2017-02-20 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/471 Title: #471: Fix some privilege separation regressions HonzaCholasta commented: """ @stlaz, not sure what's going on there, but not my fault, these failures happen even without this PR. """ See the full comment

[Freeipa-devel] [freeipa PR#492][comment] [WIP] config: remove meaningless defaults

2017-02-21 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/492 Title: #492: [WIP] config: remove meaningless defaults HonzaCholasta commented: """ I stand corrected, but it does not make sense to reorder the code as you suggested anyway, as it would change the current default of `se

[Freeipa-devel] [freeipa PR#434][comment] csrgen: Automate full cert request flow

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/434 Title: #434: csrgen: Automate full cert request flow HonzaCholasta commented: """ Thank you. LGTM, but please squash the fixup commit. """ See the full comment at https://github.com/freeipa/freeipa/pull/434#iss

[Freeipa-devel] [freeipa PR#495][comment] Fix ipa-server-upgrade

2017-02-22 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/495 Title: #495: Fix ipa-server-upgrade HonzaCholasta commented: """ @MartinBasti, https://fedorahosted.org/freeipa/ticket/5959. """ See the full comment at https://github.com/freeipa/freeipa/pull/495#issuecom

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code HonzaCholasta commented: """ I would personally go with: * Change session handling: 5959 * Generate tmpfiles config at install time: 5959 * Drop use of kinit_as_http

[Freeipa-devel] [freeipa PR#463][comment] pylint_plugins: add forbidden import checker

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/463 Title: #463: pylint_plugins: add forbidden import checker HonzaCholasta commented: """ The format could be nicer though - suggestions are welcome. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code HonzaCholasta commented: """ @simo5, I don't agree, the changes in `ipalib/rpc.py` are a pre-requisite for the changes in `ipatests/util.py`, but that doesn't m

[Freeipa-devel] [freeipa PR#463][comment] pylint_plugins: add forbidden import checker

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/463 Title: #463: pylint_plugins: add forbidden import checker HonzaCholasta commented: """ I don't know what you mean, could you give me an example? """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#463][comment] pylint_plugins: add forbidden import checker

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/463 Title: #463: pylint_plugins: add forbidden import checker HonzaCholasta commented: """ You can, using: ``` ipaclient/install/ ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/463#issuecom

[Freeipa-devel] [freeipa PR#464][comment] Bump required python-cryptography version

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/464 Title: #464: Bump required python-cryptography version HonzaCholasta commented: """ NACK, you didn't update the comments. """ See the full comment at https://github.com/freeipa/freeipa/pull/464#issuecom

[Freeipa-devel] [freeipa PR#463][synchronized] pylint_plugins: add forbidden import checker

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/463 Author: HonzaCholasta Title: #463: pylint_plugins: add forbidden import checker Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/463/head:pr463 git checkout

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code HonzaCholasta commented: """ @simo5, I don't think this is the correct approach. Rather than deleting `context.session_cookie` in `RPCClient.destroy_connection()`

[Freeipa-devel] [freeipa PR#463][opened] pylint_plugins: add forbidden import checker

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/463 Author: HonzaCholasta Title: #463: pylint_plugins: add forbidden import checker Action: opened PR body: """ Add new pylint AST checker plugin which implements a check for imports forbidden in IPA. Which imports are forbidden

[Freeipa-devel] [freeipa PR#463][comment] pylint_plugins: add forbidden import checker

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/463 Title: #463: pylint_plugins: add forbidden import checker HonzaCholasta commented: """ @MartinBasti, this issue is already solved in the PR without using regular expressions. See `pylintrc` for example. """

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code HonzaCholasta commented: """ @simo5, most of the commits do not have a ticket link, is this intentional? """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping HonzaCholasta commented: """ @flo-renaud, nevermind the `default_from` suggestion, I was wrong - if e.g. both `--certmapdata` and `--certificate` are specified, we w

[Freeipa-devel] [freeipa PR#443][comment] Stronger check for DM password during server install

2017-02-08 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/443 Title: #443: Stronger check for DM password during server install HonzaCholasta commented: """ IMHO you got it backwards - DM password may not comply to NSS requirements for passwords, therefore it must not be used as a passw

[Freeipa-devel] [freeipa PR#464][comment] Bump required python-cryptography version

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/464 Title: #464: Bump required python-cryptography version HonzaCholasta commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/5b56952a547277fab4c68da02f213d40f931a4ca """ See the full

[Freeipa-devel] [freeipa PR#464][closed] Bump required python-cryptography version

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/464 Author: stlaz Title: #464: Bump required python-cryptography version Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/464/head:pr464 git checkout pr464 -- Manage

[Freeipa-devel] [freeipa PR#464][+pushed] Bump required python-cryptography version

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/464 Title: #464: Bump required python-cryptography version Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#464][+ack] Bump required python-cryptography version

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/464 Title: #464: Bump required python-cryptography version Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#396][comment] Explicitly remove support of SSLv2

2017-02-14 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/396 Title: #396: Explicitly remove support of SSLv2 HonzaCholasta commented: """ LGTM. """ See the full comment at https://github.com/freeipa/freeipa/pull/396#issuecomment-279935166 -- Manage your subscription for

  1   2   3   4   5   >